Support Center > Search Results > SecureKnowledge Details
How to update the Trusted Certificate Authorities (CAs) list for HTTPS Inspection and HTTPS Categorization Technical Level
Solution

An important part of  HTTPS Inspection support is the validation of the server's certificates from the signing Certificate Authority (CA). 

Note: when HTTPS Categorization (HTTPS Light) is enabled, the trusted CA list is also used.

A Security Gateway with enabled HTTPS Inspection has a built-in predefined list of trusted CAs, based on the Microsoft updates TrustedCA list.

Updates are released based on changes in the recommended CA list.

This article describes how to:

    • perform a manual update of Trusted CAs
    • configure a Security Management Server to check if updates to Trusted CAs are necessary

To configure a Security Management Server to update trust CAs automatically, see sk173629 - How to update trusted CAs automatically.

To perform a manual update of Trusted CAs using an R81.X or R80.X Management Server:

  1. Open SmartConsole.

  2. Go to Manage & Setting.

  3. Select Blades.

  4. Below Configure HTTPs Inspection, click Configure in SmartDashboard.

  5. Click on the Trusted CAs section.

  6. At the top, click Actions - select Update certificate list... - browse for the ZIP file with certificates - click Open.

  7. Install policy on the Security Gateways.

To perform a manual update of Trusted CAs using an R77.X Management Server:

  1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  2. Go to the Application & URL Filtering tab.

  3. Expand the Advanced section.

  4. Expand the HTTPS Inspection section.

  5. Click on the Trusted CAs section.

  6. At the top, click Actions button - select Update certificate list... - browse for the ZIP file with certificates - click Open

  7. Install policy on the Security Gateways.

To enable automatic update checks for Trusted CAs using an R81.X or R80.X Management Server:

Note: updates are only checked automatically; they must be installed manually.
    1. Connect with SmartDashboard to the Security Management Server / Domain Management Server.

    2. Go to the Application & URL Filtering tab.

    3. Expand the Advanced section.

    4. Expand the HTTPS Inspection section.
    5. Click the Trusted CAs section.

    6. At the bottom of this page, check the box Notify when a Trusted CA and Blacklist update file is available for installation.
      If there is an available update, then this message appears: "A Trusted CA and Blacklist update has been downloaded"

    7. Click Install now.

    8. Install policy on the Security Gateway.

Related Solution: sk173629 - How to update trusted CAs automatically.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment